Understanding how killall works using strace

Right now I’m on a million-hour train ride from New York to Montreal.
So I’m looking at the output of strace because, uh, strace is
cool, and it is teaching me some things about how the command line
tools I
use all the time work.

What strace does is capture every single system call that gets
called when executing a program. System calls are the interface
between userspace programs and the kernel, so looking at the output
from strace is a fun way to understand how Linux works, and what’s
really involved in running a program.

Once it’s done that, then it iterates through all the PIDs, opens
/proc/$PID/stat, and checks to see if the process has the right
name. The kernel isn’t involved in seeing whether or not the process
has the right name, so we don’t see that in the strace output.

Once it finds a PID that it wants to kill, it runs something like

kill(11510, SIGTERM)

to kill it. SIGTERM isn’t a very serious killing-y signal – it’s
signal 15, and processes can ignore it or save their state before they
stop. If you run killall -9, it will sent SIGKILL to all the
matching processes and it will kill them dead.

This is really neat! I never thought of killall as having to do an
exhaustive search through all PIDs before, but it makes sense.

After all of that, if there was something to kill, the only thing left
is exit_group(0). man 2 exit_group tells me that this exits all
threads in a process, and that this system call is called at the end
.of every process

If we run killall blah, and there was no "blah" process to kill,
instead we see: